Re: [Openvpn-devel] New feature: --ifconfig for tap devices
Hola Julien,

On Sun, 07 Sep 2003 14:11:27 +0200 julien Touche wrote:

>
> some googling drives me to this thread
> http://www.monkey.org/openbsd/archive/tech/0111/msg00098.html
> and
> find /sys -iname '*tap*' returns nothing
>
> so i'm not sure openbsd stock-kernel has tap ...

Yep, OpenBSD has no tap-device support in the kernel. Some days ago I was at the same point.

> if someone has more information (i will ask about it on misc@)

Someone has been porting the tap-device driver from FreeBSD to OpenBSD. You can find more at http://diehard.n-r-g.com

Well, the port and patch you can find on this site are not complete for an out-of-the-box start on OpenBSD 3.3-RELEASE. The patch is dated November 2001, so you can expect that this won't work on 3.3-RELEASE. So, you have to modify the files by hand.

What the patch doesn't show is that you have to modify /sys/conf/GENERIC (and/or GENERIC_PART) - it needs the following line:

    pseudo-device   tap     2       # number of tap device

Further, the file if_tap.c needs the function tapkqfilter; it looks like the following:

    /* stub; without it the kernel build fails */
    int
    tapkqfilter(dev_t dev, struct knote *kn)
    {
            return (1);
    }

Without this function you'll get an error while compiling the new kernel.

I had success building a kernel with tap-device on OpenBSD/i386 and on OpenBSD/Sparc64 (both 3.3). So far so good. On an Intel box using it with openvpn I crashed the kernel. Until yet no idea why and no time to get closer to the problem. Well, on the Sparc64 it's working. Means no kernel crash ;-)

Ok, I tried to get a tunnel working between a linux-intel-box and the openbsd-sparc-box using openvpn 1.3.1. With a simple setup I only get a "Peer Connection Initiated with ..." from openvpn on both after pinging each side. That's all so far. Until yet I wasn't able to see the icmp-packets via tcpdump on both tap devices. Maybe I don't see the trees in the wood.

Steffen

--
It's not the matter to break the wall with your head, but to find the door with your eyes !
Re: [Openvpn-devel] New feature: --ifconfig for tap devices
On Sun, 07 Sep 2003, julien Touche wrote:

> not sure if tap is available on openbsd (have posted it previously to james)

Makes me wonder if we can tunnel between Solaris/OpenBSD on one end and Winbloze on the other end. Windows apparently only supports "tap" ethertap, and Solaris and OpenBSD apparently only support "tun" IP tunnels.

> some googling drives me to this thread
> http://www.monkey.org/openbsd/archive/tech/0111/msg00098.html
> and
> find /sys -iname '*tap*' returns nothing
>
> so i'm not sure openbsd stock-kernel has tap ...

I'd think it can be done. Tried loading a "tap" or "if_tap" module or something? FreeBSD compiles tap as a module that isn't loaded by default, you need to manually kldload it on FreeBSD.

--
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95
Re: [Openvpn-devel] New feature: --ifconfig for tap devices
James Yonan wrote:

> What I need right now in order to make the TAP version of --ifconfig
> work correctly, is the correct ifconfig command syntax for setting the
> IP address and netmask of a TAP device, on all the OSes which OpenVPN
> supports. I've already coded templates for Linux and Windows, but I
> still need to know the appropriate ifconfig syntax for FreeBSD,
> OpenBSD, NetBSD, Solaris, and Mac OS X, with respect to setting the
> IP/netmask on a TAP device. So if you are using one of these OSes with
> OpenVPN + TAP adapter, please let us know what kind of ifconfig syntax
> you use in your --up script to set the adapter parameters.

not sure if tap is available on openbsd (have posted it previously to james)

some googling drives me to this thread
http://www.monkey.org/openbsd/archive/tech/0111/msg00098.html
and
find /sys -iname '*tap*' returns nothing

so i'm not sure openbsd stock-kernel has tap ...

if someone has more information (i will ask about it on misc@)

Regards

Julien
Re: [Openvpn-devel] Need 1.5 beta testers for *BSD, Linux 2.2, OS X
James Yonan wrote:

> I'm thinking about something like this in a more generalized context,
> where OpenVPN running as a server would actually generate the config
> file for the client, and send it to the client via SSL after an
> initial authentication handshake. This would simplify the
> configuration on the client side, and allow the server to send routes
> back to the client.

one extra could be: for a client side hidden behind a gateway (so no public ip) could contact and establish a vpn with a public box. would it be possible without any relay on the client gateway ?

Regards

Julien